diff --git a/.github/workflows/kdmp-parser.yml b/.github/workflows/kdmp-parser.yml index 3c69b6b..90cbdfa 100644 --- a/.github/workflows/kdmp-parser.yml +++ b/.github/workflows/kdmp-parser.yml @@ -34,13 +34,14 @@ jobs: fail-fast: false matrix: variant: - - {os: windows-latest, generator: msvc, arch: x64, config: RelWithDebInfo} - - {os: windows-latest, generator: ninja, arch: x64, config: RelWithDebInfo} - - {os: windows-latest, generator: msvc, arch: win32, config: RelWithDebInfo} + - {os: windows-2019, generator: msvc, arch: x64, config: RelWithDebInfo} + - {os: windows-2019, generator: ninja, arch: x64, config: RelWithDebInfo} + - {os: windows-2019, generator: msvc, arch: win32, config: RelWithDebInfo} # - {os: windows-latest, generator: msvc, arch: arm64, config: RelWithDebInfo} - - {os: ubuntu-latest, generator: gcc, arch: x64, config: RelWithDebInfo} - - {os: ubuntu-latest, generator: clang, arch: x64, config: RelWithDebInfo} - - {os: macos-latest, generator: clang, arch: x64, config: Release} + - {os: ubuntu-22.04, generator: gcc, arch: x64, config: RelWithDebInfo} + - {os: ubuntu-22.04, generator: clang, arch: x64, config: RelWithDebInfo} + # most up to date free intel based osx? + - {os: macos-13, generator: clang, arch: x64, config: Release} runs-on: ${{ matrix.variant.os }} name: parser / ${{ matrix.variant.os }} / ${{ matrix.variant.generator }} / ${{ matrix.variant.arch }} env: @@ -58,26 +59,26 @@ jobs: path: . - name: Environment Setup (Windows) - if: matrix.variant.os == 'windows-latest' + if: matrix.variant.os == 'windows-2019' run: | Import-Module .\.github\Invoke-VisualStudio.ps1 Invoke-VisualStudio2022${{ matrix.variant.arch }} echo "CMAKE_ARCH='-A ${{ matrix.variant.arch }}'" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append - name: Environment Setup (Linux) - if: matrix.variant.os == 'ubuntu-latest' + if: matrix.variant.os == 'ubuntu-22.04' run: | sudo apt update - name: Build (Linux/GCC) - if: matrix.variant.os == 'ubuntu-latest' && matrix.variant.generator == 'gcc' + if: matrix.variant.os == 'ubuntu-22.04' && matrix.variant.generator == 'gcc' run: | sudo apt install -y g++ echo CC=gcc >> $GITHUB_ENV echo CXX=g++ >> $GITHUB_ENV - name: Environment Setup (Linux/CLang) - if: matrix.variant.os == 'ubuntu-latest' && matrix.variant.generator == 'clang' + if: matrix.variant.os == 'ubuntu-22.04' && matrix.variant.generator == 'clang' run: | sudo bash -c "$(wget -O - https://apt.llvm.org/llvm.sh)" echo CC=clang >> $GITHUB_ENV @@ -110,12 +111,13 @@ jobs: # nanobind does not support Python < 3.8. python-version: ['3.8', '3.9', '3.10', '3.11', '3.12'] variant: - - {os: windows-latest, generator: msvc, arch: x64, config: RelWithDebInfo, py-arch: x64} - - {os: windows-latest, generator: msvc, arch: win32, config: RelWithDebInfo, py-arch: x86} + - {os: windows-2019, generator: msvc, arch: x64, config: RelWithDebInfo, py-arch: x64} + - {os: windows-2019, generator: msvc, arch: win32, config: RelWithDebInfo, py-arch: x86} # - {os: windows-latest, generator: msvc, arch: arm64, config: RelWithDebInfo, py-arch: x64} # Unsupported (see https://raw.githubusercontent.com/actions/python-versions/main/versions-manifest.json) - - {os: ubuntu-latest, generator: gcc, arch: x64, config: RelWithDebInfo, py-arch: x64} - - {os: ubuntu-latest, generator: clang, arch: x64, config: RelWithDebInfo, py-arch: x64} - - {os: macos-latest, generator: clang, arch: x64, config: Release, py-arch: x64} + - {os: ubuntu-22.04, generator: gcc, arch: x64, config: RelWithDebInfo} + - {os: ubuntu-22.04, generator: clang, arch: x64, config: RelWithDebInfo} + # most up to date free intel based osx? + - {os: macos-13, generator: clang, arch: x64, config: Release, py-arch: x64} runs-on: ${{ matrix.variant.os }} name: bindings / ${{ matrix.variant.os }} / ${{ matrix.variant.generator }} / ${{ matrix.python-version }} / ${{ matrix.variant.arch }} env: @@ -137,30 +139,30 @@ jobs: architecture: ${{ matrix.variant.py-arch }} - name: Environment Setup (Windows) - if: matrix.variant.os == 'windows-latest' + if: matrix.variant.os == 'windows-2019' run: | Import-Module .\.github\Invoke-VisualStudio.ps1 Invoke-VisualStudio2022${{ matrix.variant.arch }} - name: Environment Setup (Linux) - if: matrix.variant.os == 'ubuntu-latest' + if: matrix.variant.os == 'ubuntu-22.04' run: | sudo apt-get -y update - name: Environment Setup (OSX) - if: matrix.variant.os == 'macos-latest' + if: matrix.variant.os == 'macos-13' run: | echo - name: Environment Setup (Linux/GCC) - if: matrix.variant.os == 'ubuntu-latest' && matrix.variant.generator == 'gcc' + if: matrix.variant.os == 'ubuntu-22.04' && matrix.variant.generator == 'gcc' run: | sudo apt install -y g++ echo CC=gcc >> $GITHUB_ENV echo CXX=g++ >> $GITHUB_ENV - name: Environment Setup (Linux/CLang) - if: matrix.variant.os == 'ubuntu-latest' && matrix.variant.generator == 'clang' + if: matrix.variant.os == 'ubuntu-22.04' && matrix.variant.generator == 'clang' run: | sudo bash -c "$(wget -O - https://apt.llvm.org/llvm.sh)" echo CC=clang >> $GITHUB_ENV diff --git a/CMakeLists.txt b/CMakeLists.txt index 1269349..a148615 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -11,7 +11,7 @@ project( kdmp-parser DESCRIPTION "A Cross-Platform C++ parser library for Windows kernel minidumps." HOMEPAGE_URL https://github.com/0vercl0k/kdmp-parser - VERSION 0.7.2 + VERSION 0.7.3 ) set(PROJECT_AUTHOR 0vercl0k) diff --git a/src/lib/kdmp-parser-structs.h b/src/lib/kdmp-parser-structs.h index 455db31..13ef53a 100644 --- a/src/lib/kdmp-parser-structs.h +++ b/src/lib/kdmp-parser-structs.h @@ -31,8 +31,10 @@ enum class DumpType_t : uint32_t { BMPDump = 0x5, // New stuff - MiniDump = 0x4, // Produced by `.dump /m` - KernelMemoryDump = 0x8, // Produced by `.dump /k` + MiniDump = 0x4, // Produced by `.dump /m` + LiveKernelBitmapDump = 0x6, // (22h2+) Produced by TaskMgr > System > Create + // Live Kernel Memory Dump + KernelMemoryDump = 0x8, // Produced by `.dump /k` KernelAndUserMemoryDump = 0x9, // Produced by `.dump /ka` CompleteMemoryDump = 0xa, // Produced by `.dump /f` }; @@ -88,6 +90,8 @@ constexpr std::string_view DumpTypeToString(const DumpType_t Type) { // New stuff case DumpType_t::MiniDump: return "MiniDump"; + case DumpType_t::LiveKernelBitmapDump: + return "LiveKernelBitmapDump"; case DumpType_t::KernelMemoryDump: return "KernelMemoryDump"; case DumpType_t::KernelAndUserMemoryDump: @@ -750,6 +754,7 @@ struct HEADER64 { break; } + case DumpType_t::LiveKernelBitmapDump: case DumpType_t::BMPDump: { if (!u3.BmpHeader.LooksGood()) { printf("The BmpHeader looks wrong.\n"); diff --git a/src/lib/kdmp-parser.h b/src/lib/kdmp-parser.h index c9a2be1..8f3715f 100644 --- a/src/lib/kdmp-parser.h +++ b/src/lib/kdmp-parser.h @@ -96,6 +96,7 @@ class KernelDumpParser { } break; } + case DumpType_t::LiveKernelBitmapDump: case DumpType_t::BMPDump: { if (!BuildPhysmemBMPDump()) { printf("BuildPhysmemBMPDump failed.\n"); diff --git a/src/python/CMakeLists.txt b/src/python/CMakeLists.txt index d778594..638f439 100644 --- a/src/python/CMakeLists.txt +++ b/src/python/CMakeLists.txt @@ -13,7 +13,7 @@ project( kdmp-parser-python DESCRIPTION "A Cross-Platform C++ parser library for Windows kernel minidumps." HOMEPAGE_URL https://github.com/0vercl0k/kdmp-parser - VERSION 0.7.2 + VERSION 0.7.3 ) set(PROJECT_AUTHOR 0vercl0k) set(PROJECT_LICENSE MIT) diff --git a/src/python/kdmp_parser/__init__.py b/src/python/kdmp_parser/__init__.py index 59dd359..73f8717 100644 --- a/src/python/kdmp_parser/__init__.py +++ b/src/python/kdmp_parser/__init__.py @@ -24,13 +24,14 @@ class DumpType(enum.IntEnum): - FullDump = _DumpType_t.FullDump - KernelDump = _DumpType_t.KernelDump - BMPDump = _DumpType_t.BMPDump - MiniDump = _DumpType_t.MiniDump - KernelMemoryDump = _DumpType_t.KernelMemoryDump - KernelAndUserMemoryDump = _DumpType_t.KernelAndUserMemoryDump - CompleteMemoryDump = _DumpType_t.CompleteMemoryDump + FullDump = _DumpType_t.FullDump.value + KernelDump = _DumpType_t.KernelDump.value + BMPDump = _DumpType_t.BMPDump.value + LiveKernelBitmapDump = _DumpType_t.LiveKernelBitmapDump.value + MiniDump = _DumpType_t.MiniDump.value + KernelMemoryDump = _DumpType_t.KernelMemoryDump.value + KernelAndUserMemoryDump = _DumpType_t.KernelAndUserMemoryDump.value + CompleteMemoryDump = _DumpType_t.CompleteMemoryDump.value class KernelDumpParser: @@ -56,7 +57,7 @@ def __init__(self, path: Union[str, pathlib.Path]): self.filepath = path self.context: __CONTEXT = self.__dump.GetContext() self.directory_table_base: int = self.__dump.GetDirectoryTableBase() & ~0xFFF - self.type = DumpType(self.__dump.GetDumpType()) + self.type = DumpType(self.__dump.GetDumpType().value) self.header: __HEADER64 = self.__dump.GetDumpHeader() self.pages = _PageIterator(self.__dump) return diff --git a/src/python/pyproject.toml b/src/python/pyproject.toml index b680b8f..11b8d26 100644 --- a/src/python/pyproject.toml +++ b/src/python/pyproject.toml @@ -4,7 +4,7 @@ build-backend = "scikit_build_core.build" [project] name = "kdmp-parser" -version = "0.7.2" +version = "0.7.3" description = "A Cross-Platform C++ parser library for Windows kernel minidumps." readme = "README.md" requires-python = ">=3.8" @@ -13,6 +13,11 @@ classifiers = [ "Development Status :: 4 - Beta", "License :: OSI Approved :: MIT License", "Programming Language :: Python :: 3", + "Programming Language :: Python :: 3.8", + "Programming Language :: Python :: 3.9", + "Programming Language :: Python :: 3.10", + "Programming Language :: Python :: 3.11", + "Programming Language :: Python :: 3.12", "Topic :: Software Development :: Assemblers", "Natural Language :: English", ] @@ -29,11 +34,7 @@ wheel.py-api = "cp312" minimum-version = "0.4" build-dir = "build/{wheel_tag}" cmake.minimum-version = "3.20" -cmake.args = [ - "-DBUILD_PARSER:BOOL=OFF", - "-DBUILD_TESTS:BOOL=OFF", - "-DBUILD_PYTHON_PACKAGE:BOOL=ON", -] +cmake.args = ["-DBUILD_PYTHON_PACKAGE:BOOL=ON"] [tool.cibuildwheel] build-verbosity = 1 @@ -41,4 +42,4 @@ test-command = "pytest {project}/tests" test-requires = "pytest" [tool.cibuildwheel.macos.environment] -MACOSX_DEPLOYMENT_TARGET = "10.14" +MACOSX_DEPLOYMENT_TARGET = "10.13" diff --git a/src/python/src/kdmp_parser.cc b/src/python/src/kdmp_parser.cc index b790067..0c4f61d 100644 --- a/src/python/src/kdmp_parser.cc +++ b/src/python/src/kdmp_parser.cc @@ -42,7 +42,8 @@ NB_MODULE(_kdmp_parser, m) { .value("FullDump", kdmpparser::DumpType_t::FullDump) .value("KernelDump", kdmpparser::DumpType_t::KernelDump) .value("BMPDump", kdmpparser::DumpType_t::BMPDump) - + .value("LiveKernelBitmapDump", + kdmpparser::DumpType_t::LiveKernelBitmapDump) .value("MiniDump", kdmpparser::DumpType_t::MiniDump) .value("KernelMemoryDump", kdmpparser::DumpType_t::KernelMemoryDump) .value("KernelAndUserMemoryDump", @@ -80,8 +81,8 @@ NB_MODULE(_kdmp_parser, m) { .def_ro("TotalPresentPages", &kdmpparser::BMP_HEADER64::TotalPresentPages) .def_ro("Pages", &kdmpparser::BMP_HEADER64::Pages) .def_ro("Bitmap", &kdmpparser::BMP_HEADER64::Bitmap) - .def("Show", &kdmpparser::PHYSMEM_DESC::Show, "Prefix"_a) - .def("LooksGood", &kdmpparser::PHYSMEM_DESC::LooksGood); + .def("Show", &kdmpparser::BMP_HEADER64::Show, "Prefix"_a) + .def("LooksGood", &kdmpparser::BMP_HEADER64::LooksGood); nb::class_(m, "RDMP_HEADER64") .def(nb::init<>()) @@ -267,8 +268,8 @@ NB_MODULE(_kdmp_parser, m) { return Hdr.u3.FullRdmpHeader; }) - .def("Show", &CONTEXT::Show, "Prefix"_a) - .def("LooksGood", &CONTEXT::LooksGood); + .def("Show", &HEADER64::Show, "Prefix"_a) + .def("LooksGood", &HEADER64::LooksGood); m.attr("PageSize") = kdmpparser::Page::Size; m.def("PageAlign", &kdmpparser::Page::Align, "Address"_a, diff --git a/src/tests/tests_parser.cc b/src/tests/tests_parser.cc index 36aa6c8..81ee11a 100644 --- a/src/tests/tests_parser.cc +++ b/src/tests/tests_parser.cc @@ -175,10 +175,36 @@ constexpr TestCaseValues TestCaseCompleteDump{ 0x00000000'0000001fULL, }; +constexpr TestCaseValues TestLiveKernelBitmapDump{ + "fulllivekernelmemory.dmp", + kdmpparser::DumpType_t::LiveKernelBitmapDump, + 0x154f5, + 0x0000000d96a9000, // cr3 + {0x67, 0xd8, 0xb6, 0xdd, 0x00, 0x00, 0x00, 0x0a, 0x67, 0xa8, 0x1d, 0xd6, + 0x00, 0x00, 0x00, 0x0a}, + 0x4ULL, + 0xffffd20fd8553000ULL, + 0xffffa1000ed84a00ULL, + 0x0ULL, + 0xffffd20fd3beeae0ULL, + 0xfffff8074fb4b180ULL, + 0xfffff80750a98b6dULL, + 0xfffffd8d6bcaed10ULL, + 0x0ULL, + 0xb80ULL, + 0xffffd20fd8553348ULL, + 0x0ULL, + 0xffffd20fd8553000ULL, + 0x2ULL, + 0x0ULL, + 0xffffd20fd48d5080ULL, + 0x1ULL, +}; + constexpr std::array Testcases{ TestCaseBmp, TestCaseFull, TestCaseKernelDump, TestCaseKernelUserDump, - TestCaseCompleteDump, + TestCaseCompleteDump, TestLiveKernelBitmapDump, }; TEST_CASE("kdmp-parser", "parser") {